[dm-crypt] Initialization Vector using plain aes-cbc

Milan Broz gmazyland at gmail.com
Wed Sep 26 15:56:38 CEST 2012


On 09/26/2012 03:17 PM, Ralf Ramsauer wrote:
> cryptsetup create asd ./foobar --cipher=aes-cbc-essiv:sha256 --key-file key
> or
> cryptsetup create asd ./foobar --cipher=aes-cbc
> Enter Passphrase: ..........

# cryptsetup create asd ./foobar --cipher=aes-cbc
Enter passphrase: 
device-mapper: reload ioctl on  failed: Invalid argument
device-mapper: table ioctl on  failed: No such device or address

> 
> work fine.
nope :)
Which version are you using?

First, for historic reasons, there are some shortcuts:
"aes" and "aes-plain"  will translate to "aes-cbc-plain"

but "aes-cbc" is not a valid shortcut
(and cbc mode requires an IV specification)

If you are not sure, just run
cryptsetup status <active device>
and it will print the full mode spec of the active device.

For scripts, please always use the full specification; the above is just
to provide compatibility with old cryptsetup.

Format is
<cipher>-<mode>-<IV/params>

plain/plain64 IV is just the sector number, so no dependence
on passphrase/key. (If used with CBC mode, it is not secure.)

For more info about available IV modes see
http://code.google.com/p/cryptsetup/wiki/DMCrypt#IV_generators

Milan
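
The rules in the message above, as an added shell example that is not part of the original post and not cryptsetup's own code: `check_cipher_spec` (a hypothetical helper name) expands the two legacy shortcuts, rejects specs that are not in full `<cipher>-<mode>-<IV/params>` form, and flags CBC with a plain/plain64 IV. The specs in the loop are constructed sample input.

```shell
#!/bin/sh
# Lint a dm-crypt cipher spec before a script passes it to --cipher.
# Prints "<verdict> <spec>"; "ok" only means none of the checks below fired.
# Return codes: 0 ok, 1 predictable IV, 2 not a full specification.
check_cipher_spec() {
    spec=$1

    # Historic shortcuts named in the message: both mean aes-cbc-plain.
    case $spec in
        aes|aes-plain) spec=aes-cbc-plain ;;
    esac

    # Require all three fields, none empty. "aes-cbc" fails here:
    # it is not a valid shortcut and CBC needs an IV specification.
    case $spec in
        -*|*--*|*-) echo "incomplete $spec"; return 2 ;;
        *-*-*) ;;
        *) echo "incomplete $spec"; return 2 ;;
    esac

    # Split off <mode> and <IV/params>; the IV field may carry
    # parameters after ':' (for example essiv:sha256).
    rest=${spec#*-}
    mode=${rest%%-*}
    iv=${rest#*-}

    # plain/plain64 IV is just the sector number, independent of the key;
    # the message states this is not secure with CBC.
    case $mode-$iv in
        cbc-plain|cbc-plain64) echo "predictable-iv $spec"; return 1 ;;
    esac

    echo "ok $spec"
    return 0
}

# Constructed sample specs, including both forms from the quoted commands.
for s in aes-cbc-essiv:sha256 aes-cbc aes aes-plain aes-cbc-plain64; do
    check_cipher_spec "$s" || true
done
```

Running `cryptsetup status <active device>` and feeding the printed mode spec to the function checks an existing mapping the same way.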


